Allow root access without passwdIndeed it's in /etc/pam.d/common-auth, line with pam_unix.so, change nullok_secure to nullok (and in any other required auth files). Thanks for considering privileged users as adults, and providing a solution while warning the less experienced readers.